Мобильная версияЭффект атрибутов file_read_attributes и file_read_ea в файле ⇐ C++
-
Anonymous
Эффект атрибутов file_read_attributes и file_read_ea в файле
msdn определяет file_read_attributes как «атрибуты права на чтение файла». /> Насколько я понимаю, если эти права отсутствуют, мы теряем доступ к атрибутам файла. Однако, если я заберу эти права из файла, GetFileatTributes продолжает возвращать атрибуты файла.
Так что влияет на отсутствие file_read_attributes и file_read_ea ? Правильный путь к файлу < /p>
#include
#include
#include
#include
#include
#include
#include
DWORD GetSecurityDescriptor(HANDLE handle, std::unique_ptr& pSD)
{
DWORD dwSDLen;
std::unique_ptr buffer;
if (GetKernelObjectSecurity(handle, DACL_SECURITY_INFORMATION, NULL, 0, &dwSDLen) == 0)
{
DWORD err = GetLastError();
if (err == ERROR_INSUFFICIENT_BUFFER)
{
buffer.reset(new(std::nothrow) BYTE[dwSDLen]);
if (!buffer)
{
return ERROR_NOT_ENOUGH_MEMORY;
}
if (GetKernelObjectSecurity(handle, DACL_SECURITY_INFORMATION, buffer.get(), dwSDLen, &dwSDLen) == 0)
{
return GetLastError();
}
pSD = std::move(buffer);
}
else
{
return err;
}
}
return ERROR_SUCCESS;
}
DWORD ToAbsoluteSD(const std::unique_ptr& selfRelativeSD, std::unique_ptr& absoluteSD)
{
DWORD absSDSize = 0;
DWORD dwDaclSize = 0;
DWORD dwSaclSize = 0;
DWORD dwOwnerSize = 0;
DWORD dwPrimaryGroupSize = 0;
DWORD result = MakeAbsoluteSD(selfRelativeSD.get(), NULL, &absSDSize,
NULL, &dwDaclSize,
NULL, &dwSaclSize,
NULL, &dwOwnerSize,
NULL, &dwPrimaryGroupSize);
if (result != 0)
{
return ERROR_INSUFFICIENT_BUFFER;
}
DWORD err = GetLastError();
if (err == ERROR_INSUFFICIENT_BUFFER)
{
std::unique_ptr absSD(new(std::nothrow) BYTE[absSDSize]);
std::unique_ptr dacl(new(std::nothrow) BYTE[dwDaclSize]);
std::unique_ptr sacl(new(std::nothrow) BYTE[dwSaclSize]);
std::unique_ptr owner(new(std::nothrow) BYTE[dwOwnerSize]);
std::unique_ptr primaryGroup(new(std::nothrow) BYTE[dwPrimaryGroupSize]);
if (!absSD || !dacl || !sacl || !owner || !primaryGroup)
{
return ERROR_NOT_ENOUGH_MEMORY;
}
result = MakeAbsoluteSD(selfRelativeSD.get(), absSD.get(), &absSDSize,
(PACL)dacl.get(), &dwDaclSize,
(PACL)sacl.get(), &dwSaclSize,
(PSID)owner.get(), &dwOwnerSize,
(PSID)primaryGroup.get(), &dwPrimaryGroupSize);
if (result == 0)
{
return GetLastError();
}
absoluteSD = std::move(absSD);
}
else
{
return err;
}
return ERROR_SUCCESS;
}
DWORD SetPermissions(const std::wstring& fileName, PSID pSID, bool allowed, ACCESS_MASK accessRights, bool set)
{
if (fileName.size() == 0)
{
return ERROR_INVALID_PARAMETER;
}
if (!pSID)
{
return ERROR_INVALID_PARAMETER;
}
wil::unique_handle hFile(CreateFile(fileName.c_str(), READ_CONTROL | WRITE_DAC, 0, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL));
if (!hFile)
{
return GetLastError();
}
std::unique_ptr pSD;
DWORD result = GetSecurityDescriptor(hFile.get(), pSD);
if (result != ERROR_SUCCESS)
{
return result;
}
PACL dacl = nullptr;
BOOL present;
BOOL defaulted;
if (GetSecurityDescriptorDacl(pSD.get(), &present, &dacl, &defaulted) == 0)
{
return GetLastError();
}
if (!present)
{
return ERROR_NOT_SUPPORTED;
}
bool aceType = allowed ? ACCESS_ALLOWED_ACE_TYPE : ACCESS_DENIED_ACE_TYPE;
// if DACL present and not NULL
if (dacl)
{
for (WORD i = 0; i < dacl->AceCount; i++)
{
PACE_HEADER header;
if (GetAce(dacl, i, (PVOID*)&header) != 0)
{
if (header->AceType == aceType)
{
auto ace = (ACCESS_ALLOWED_ACE*)header; // have the same binary layout as ACCESS_DENIED_ACE
if (EqualSid((PSID)&ace->SidStart, pSID) != 0)
{
set ? ace->Mask |= accessRights : ace->Mask &= ~accessRights;
if (SetKernelObjectSecurity(hFile.get(), DACL_SECURITY_INFORMATION, pSD.get()) == 0)
{
return GetLastError();
}
return ERROR_SUCCESS;
}
}
}
}
}
EXPLICIT_ACCESS ea;
PACL pNewDACL = NULL;
// Initialize an EXPLICIT_ACCESS structure for the new ACE.
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = accessRights;
ea.grfAccessMode = allowed ? SET_ACCESS : DENY_ACCESS;
ea.grfInheritance = NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.ptstrName = (PWSTR)pSID;
result = SetEntriesInAcl(1, &ea, dacl, &pNewDACL);
if (result != ERROR_SUCCESS) {
return result;
}
std::unique_ptr absoluteSD;
result = ToAbsoluteSD(pSD, absoluteSD);
if (result != ERROR_SUCCESS)
{
return result;
}
if (SetSecurityDescriptorDacl(absoluteSD.get(), TRUE, pNewDACL, FALSE) == 0)
{
return GetLastError();
}
if (SetKernelObjectSecurity(hFile.get(), DACL_SECURITY_INFORMATION, absoluteSD.get()) == 0)
{
return GetLastError();
}
return ERROR_SUCCESS;
}
int main()
{
wchar_t trusteeSID[] = L"S-1-5-21-#-#-#-#";
PSID pSid;
if (!ConvertStringSidToSid(trusteeSID, &pSid)) {
std::cout
Подробнее здесь: https://stackoverflow.com/questions/794 ... -on-a-file
msdn определяет file_read_attributes как «атрибуты права на чтение файла». /> Насколько я понимаю, если эти права отсутствуют, мы теряем доступ к атрибутам файла. Однако, если я заберу эти права из файла, GetFileatTributes продолжает возвращать атрибуты файла.
Так что влияет на отсутствие file_read_attributes и file_read_ea ? Правильный путь к файлу < /p>
#include
#include
#include
#include
#include
#include
#include
DWORD GetSecurityDescriptor(HANDLE handle, std::unique_ptr& pSD)
{
DWORD dwSDLen;
std::unique_ptr buffer;
if (GetKernelObjectSecurity(handle, DACL_SECURITY_INFORMATION, NULL, 0, &dwSDLen) == 0)
{
DWORD err = GetLastError();
if (err == ERROR_INSUFFICIENT_BUFFER)
{
buffer.reset(new(std::nothrow) BYTE[dwSDLen]);
if (!buffer)
{
return ERROR_NOT_ENOUGH_MEMORY;
}
if (GetKernelObjectSecurity(handle, DACL_SECURITY_INFORMATION, buffer.get(), dwSDLen, &dwSDLen) == 0)
{
return GetLastError();
}
pSD = std::move(buffer);
}
else
{
return err;
}
}
return ERROR_SUCCESS;
}
DWORD ToAbsoluteSD(const std::unique_ptr& selfRelativeSD, std::unique_ptr& absoluteSD)
{
DWORD absSDSize = 0;
DWORD dwDaclSize = 0;
DWORD dwSaclSize = 0;
DWORD dwOwnerSize = 0;
DWORD dwPrimaryGroupSize = 0;
DWORD result = MakeAbsoluteSD(selfRelativeSD.get(), NULL, &absSDSize,
NULL, &dwDaclSize,
NULL, &dwSaclSize,
NULL, &dwOwnerSize,
NULL, &dwPrimaryGroupSize);
if (result != 0)
{
return ERROR_INSUFFICIENT_BUFFER;
}
DWORD err = GetLastError();
if (err == ERROR_INSUFFICIENT_BUFFER)
{
std::unique_ptr absSD(new(std::nothrow) BYTE[absSDSize]);
std::unique_ptr dacl(new(std::nothrow) BYTE[dwDaclSize]);
std::unique_ptr sacl(new(std::nothrow) BYTE[dwSaclSize]);
std::unique_ptr owner(new(std::nothrow) BYTE[dwOwnerSize]);
std::unique_ptr primaryGroup(new(std::nothrow) BYTE[dwPrimaryGroupSize]);
if (!absSD || !dacl || !sacl || !owner || !primaryGroup)
{
return ERROR_NOT_ENOUGH_MEMORY;
}
result = MakeAbsoluteSD(selfRelativeSD.get(), absSD.get(), &absSDSize,
(PACL)dacl.get(), &dwDaclSize,
(PACL)sacl.get(), &dwSaclSize,
(PSID)owner.get(), &dwOwnerSize,
(PSID)primaryGroup.get(), &dwPrimaryGroupSize);
if (result == 0)
{
return GetLastError();
}
absoluteSD = std::move(absSD);
}
else
{
return err;
}
return ERROR_SUCCESS;
}
DWORD SetPermissions(const std::wstring& fileName, PSID pSID, bool allowed, ACCESS_MASK accessRights, bool set)
{
if (fileName.size() == 0)
{
return ERROR_INVALID_PARAMETER;
}
if (!pSID)
{
return ERROR_INVALID_PARAMETER;
}
wil::unique_handle hFile(CreateFile(fileName.c_str(), READ_CONTROL | WRITE_DAC, 0, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL));
if (!hFile)
{
return GetLastError();
}
std::unique_ptr pSD;
DWORD result = GetSecurityDescriptor(hFile.get(), pSD);
if (result != ERROR_SUCCESS)
{
return result;
}
PACL dacl = nullptr;
BOOL present;
BOOL defaulted;
if (GetSecurityDescriptorDacl(pSD.get(), &present, &dacl, &defaulted) == 0)
{
return GetLastError();
}
if (!present)
{
return ERROR_NOT_SUPPORTED;
}
bool aceType = allowed ? ACCESS_ALLOWED_ACE_TYPE : ACCESS_DENIED_ACE_TYPE;
// if DACL present and not NULL
if (dacl)
{
for (WORD i = 0; i < dacl->AceCount; i++)
{
PACE_HEADER header;
if (GetAce(dacl, i, (PVOID*)&header) != 0)
{
if (header->AceType == aceType)
{
auto ace = (ACCESS_ALLOWED_ACE*)header; // have the same binary layout as ACCESS_DENIED_ACE
if (EqualSid((PSID)&ace->SidStart, pSID) != 0)
{
set ? ace->Mask |= accessRights : ace->Mask &= ~accessRights;
if (SetKernelObjectSecurity(hFile.get(), DACL_SECURITY_INFORMATION, pSD.get()) == 0)
{
return GetLastError();
}
return ERROR_SUCCESS;
}
}
}
}
}
EXPLICIT_ACCESS ea;
PACL pNewDACL = NULL;
// Initialize an EXPLICIT_ACCESS structure for the new ACE.
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
ea.grfAccessPermissions = accessRights;
ea.grfAccessMode = allowed ? SET_ACCESS : DENY_ACCESS;
ea.grfInheritance = NO_INHERITANCE;
ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea.Trustee.ptstrName = (PWSTR)pSID;
result = SetEntriesInAcl(1, &ea, dacl, &pNewDACL);
if (result != ERROR_SUCCESS) {
return result;
}
std::unique_ptr absoluteSD;
result = ToAbsoluteSD(pSD, absoluteSD);
if (result != ERROR_SUCCESS)
{
return result;
}
if (SetSecurityDescriptorDacl(absoluteSD.get(), TRUE, pNewDACL, FALSE) == 0)
{
return GetLastError();
}
if (SetKernelObjectSecurity(hFile.get(), DACL_SECURITY_INFORMATION, absoluteSD.get()) == 0)
{
return GetLastError();
}
return ERROR_SUCCESS;
}
int main()
{
wchar_t trusteeSID[] = L"S-1-5-21-#-#-#-#";
PSID pSid;
if (!ConvertStringSidToSid(trusteeSID, &pSid)) {
std::cout
Подробнее здесь: https://stackoverflow.com/questions/794 ... -on-a-file
